An audit of the Department of Energy's Cyber Security Incident Management Program found that duplicative efforts and the inconsistent reporting of cyber incidents are challenging security management.
...
Government reporting and accountability of compromises, incidents and loss of protected networked knowledge remain disjointed and inadequate, according to Sean Bodmer, chief researcher at security vendor CounterTack.
The biggest issues are not the incident responders in the trenches who want to honestly do their jobs, but almost always one of the typical political or policy challenges that "plague the Information Assurance and Security professionals working for and in the U.S. government," he said.